OTTAWA — The opposition New Democrats will ask a Commons committee next week to widen the scope of its investigation into identity fraud and probe the reasons behind thousands of data breaches that have plagued the federal government over the past 10 years.

The NDP argue such a study is needed to see what’s being done to solve “this massive problem,” and reduce the risk that future breaches could lead to someone having their identity stolen.

“We have no idea how many cases of data loss or breach or hacking have resulted in Canadians having their personal information or financial information stolen,” NDP MP Charlie Angus said. “We need to find that out.”

Angus said he hoped for support from government MPs on the Conservative-dominated committee to expand the study’s scope. He said MPs on the committee wouldn’t become “judge and jury” about specific breaches, such as two high-profile breaches at Human Resources and Skills Development Canada (HRSDC), but they would ensure that there’s a change in what seems like a “lackadaisical” approach to handling government data.

“The issue with privacy breaches is that we’re talking about the issue of cyber fraud and identity theft. That’s what happens when you take a USB stick with 5,000 names and misplace it or have it stolen,” Angus said.

That USB key contained the personal information, including social insurance numbers, of 5,045 Canada Pension Plan disability claimants, all of whom had appealed the department’s rulings about their claims.

The USB key was first reported missing on Nov. 16, 2012.

Searches of the department’s headquarters in Gatineau, Que., an employee’s home, a taxi that they travelled home in on Nov. 15 and interviews with cleaning staff turned up nothing. The department did not directly answer a question about whether it had found the USB key, only saying that it had “no evidence that any of the information has been accessed or used for fraudulent purposes.”

An internal report on the investigation into the breach found that the employees involved didn’t encrypt or password protect the device as per department policies. According to the report, dated Feb. 11, 2013, the employee who transferred the data to the USB key had never been taught about the department’s information security procedures.

When managers interviewed the employee, the worker said the procedures themselves were unclear.

“Why aren’t there clear protocols?” Angus said. “Why is it that when data goes missing…that people aren’t immediately contacted? That’s my concern. It seems that they have a pattern: The privacy commissioner and citizens are kept in the dark.”

The department says it has meted out “appropriate” disciplinary actions.

“An investigative process was undertaken to gather the relevant facts and circumstances related to the loss of a misplaced USB key, and to implement measures to avoid a recurrence of a similar incident,” spokesman Eric Morrissette said in an email.

“That process is now concluded and appropriate actions have been taken.”

What those actions are is unclear. Morrissette wouldn’t say what HRSDC has done with the employees and managers involved in the loss of a USB key, citing the privacy of the employees as the reason to not release any information.

What the department has done in the wake of the two incidents is institute new rules on dealing with potential privacy breaches that includes reporting any potential security or privacy incidents. The minister in charge, Diane Finley, ordered mandatory training for employees, and that has since been completed, according to the department.

“This loss by the department is completely unacceptable,” said Finley spokesman Jan O’Driscoll. “To safeguard against future incidents, Minister Finley has directed the department to review the ways that employees handle Canadians’ data and fix any gaps that allowed this to happen.”